Applying token to date time functions in a dashboa...

PB · ‎05-20-2024

Looking to build an interactive dashboard from csv file which contains timestamp.

If we select last 7 days, am looking to filter 19th May to 13th May of data from this below sample table.

Sample data:

_time	Index	Sourcetype
19-05-2024 05:30	x	y
18-05-2024 05:30	x	y
...

One of the input am planning is Time frame, so if i've to pass the token to the panels am trying to use |eval Time=relative_time(now(),"$time_tok$") which is not working as time token comes with earliest and latest timestamps. So, I've tried strptime to convert but still no luck over there.

Can someone suggest a better way?

KendallW · ‎05-20-2024

Hi @PB Could you please share your dashboard's XML?

If I understand correctly, you want to pick a time range using Splunk's time picker on the dashboard, then have data from the CSV (lookup?) file returned by a search where the _time column in the CSV falls within the range specified in the time picker?

PB · ‎05-20-2024

Hi @KendallW
yes, that's exactly right. _time is one of the columns in a lookup file.

And I want to choose the _time range from Lookup file using the time picker in Splunk dashboard.

Applying token to date time functions in a dashboard

token

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?